Cloud attach vs. cloud only: the debate
Event details
Are you planning a new Microsoft Intune deployment? Are you wondering if you need Configuration Manager? Join Danny and Steve for a special edition of Unpacking Endpoint Management as they break down key management workloads of Windows devices (compliance policies, Windows Update policies, resource access policies, Endpoint Protection, device configuration, Office Click-to-Run apps, and client apps) to help you determine if cloud attach or cloud only is right for your new Intune deployment.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
254 Comments
- abhiimanurkar
Copper Contributor
It feels like we are divided between these two technologies. Cloud only is all great but in reality cannot be applied to all the scenarios (non-standard devices, etc.). And Config Manager for the management of devices that are connected to on prem resources. Either way, more work (at times duplicate) for admins, and more work means more cost. :) What are your suggestions for such complex environments where Cloud only is not an easy option?
- SteveThomas
Microsoft
One of the design principles behind the "Big Three" in Config Manager (aka.ms/bigthree) is just that very fact as Aria pointed out during the session. We exactly suggest Co-management/CloudAttach/CMG in those hybrid scenarios.
- David Stowers
Brass Contributor
One last question (I promise)... Will there be any improvements to Autopilot ESP to allow disabling of app pushes and such that slow down or break the process?
- SteveThomas
Microsoft
This is great feedback. Thank you very much.
- MartinHimken
Brass Contributor
Any news on stand-alone MCC? 😜
- Heather_Poulsen
Community Manager
Not sure we have any MCC folks here today, but we do have an AMA on Delivery Optimization and Microsoft Connected Cache later this week. 🙂 Please make sure to post this over there! https://techcommunity.microsoft.com/t5/windows-events/ama-delivery-optimization-amp-connected-cache/ec-p/3652965
- MartinHimken
Brass Contributor
Thanks for pointing me to the other event! Left a question 👌
- Kurt-MI
Copper Contributor
ConfigMgr has Software Metering. Is there anything like that on the horizon for Intune?
- Rob de Roos
Iron Contributor
I can relate to this. When we did a lot of SCCM projects in the past we used software metering as an input for all kinds of things. From licensing checks to usage statistics, lifecycle management, etc. I would love to see Application usage statistics in Intune as a report. I know Windows 10/11 keep track of every application started on the device. I believe that information could be used for lifecycle management of applications.
- DaneaGalbraith
Iron Contributor
Also, to collect specific indicators like file presence or a registry key so we can hone a query for a group to deploy a remediation (EX: Old Groove client needed to be removed).
- Jason_Sandys
Microsoft
We are actively investigating similar functionality. What business challenges or scenarios do you need this for? What exact capabilities would you like to see? - You can get some of the information you are looking for in the Endpoint Analytics section. Endpoint analytics | Application reliability | App performance
- Heero
Copper Contributor
Why do we still have duplicates in Azure after successfully Hybrid AzureAD joining our on-prem devices? (The duplicates are usually AzureAD registered.) Mind you, these devices are newer OS versions like 21H1 and so on. Some of these duplicates are also found in Intune. What is the best way to detect and remove the AzureAD registered ones and keep only the hybrid AzureAD joined ones?
- Paul_Woodward
Iron Contributor
PowerShell. Off the top of my head you'd do Get-AzureADDevice | select deviceid | where (xxxxx) | sort lastseen - then use remove-AzureADDevice for the dupes you don't want. I think the jointype is different?
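The detection step from the exchange above, written out as an added example (not code from the thread or from Microsoft). The function name Get-DuplicateRegisteredDevice is hypothetical, pairing records by DisplayName is an assumption, and the sample records are constructed; the join type is read from DeviceTrustType, where ServerAd is hybrid joined and Workplace is registered.

```powershell
# Added example: list Azure AD *registered* device records that share a name
# with a *hybrid joined* record, so they can be reviewed before removal.
# Assumption: both records of one machine carry the same DisplayName.
function Get-DuplicateRegisteredDevice {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Device
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { $all.Add($Device) }
    end {
        $named = $all | Where-Object { $_.DisplayName }
        foreach ($group in ($named | Group-Object -Property DisplayName)) {
            $hybrid     = @($group.Group | Where-Object DeviceTrustType -eq 'ServerAd')
            $registered = @($group.Group | Where-Object DeviceTrustType -eq 'Workplace')
            # Report only when a hybrid joined record exists to keep.
            if ($hybrid.Count -eq 0 -or $registered.Count -eq 0) { continue }
            $registered |
                Sort-Object ApproximateLastLogonTimeStamp |
                Select-Object DisplayName, ObjectId, DeviceId,
                              DeviceTrustType, ApproximateLastLogonTimeStamp
        }
    }
}

# Constructed sample records so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ DisplayName = 'PC-001'; ObjectId = 'obj-0001'; DeviceId = 'dev-0001'
        DeviceTrustType = 'ServerAd';  ApproximateLastLogonTimeStamp = [datetime]'2022-10-20' }
    [pscustomobject]@{ DisplayName = 'PC-001'; ObjectId = 'obj-0002'; DeviceId = 'dev-0002'
        DeviceTrustType = 'Workplace'; ApproximateLastLogonTimeStamp = [datetime]'2022-06-01' }
    [pscustomobject]@{ DisplayName = 'PC-002'; ObjectId = 'obj-0003'; DeviceId = 'dev-0003'
        DeviceTrustType = 'ServerAd';  ApproximateLastLogonTimeStamp = [datetime]'2022-10-18' }
    [pscustomobject]@{ DisplayName = 'BYOD-7'; ObjectId = 'obj-0004'; DeviceId = 'dev-0004'
        DeviceTrustType = 'Workplace'; ApproximateLastLogonTimeStamp = [datetime]'2022-10-19' }
)
# Only obj-0002 is reported; BYOD-7 has no hybrid joined twin and is left alone.
$sample | Get-DuplicateRegisteredDevice | Format-Table

# Against a tenant (AzureAD module, after Connect-AzureAD):
#   $dupes = Get-AzureADDevice -All $true | Get-DuplicateRegisteredDevice
#   $dupes | Export-Csv .\registered-duplicates.csv -NoTypeInformation
#   $dupes | ForEach-Object { Remove-AzureADDevice -ObjectId $_.ObjectId }
```

Export and review the candidate list before running the removal line, since a registered record that only happens to share a name with a hybrid joined device would also be matched.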
- Rob de Roos
Iron Contributor
We have some reeeeeaaaaaaly big apps (like Autocad for example). CM handles those great. Intune has some limitations for filesize, etc. The only option I found is to download the installer from some Azure storage when I want to use Intune. For one customer of ours, that is why we still use CM. Is there anything on the horizon there?
- SteveThomas
Microsoft
As cloud-based app repositories and distribution methods like the WPM (https://learn.microsoft.com/en-us/windows/package-manager/) continue to evolve, I would stay tuned for more enhancements on the application management front in the coming months.
- PaulRichards1090
Copper Contributor
On Prem - Whole set of design considerations - number of GPOs vs number of policies. Could Force, loopback user to machine etc. Wait for network on logon. In Cloud - What design considerations exist? What tools would you use to track any performance impact of a cloud policy? For education customers, 'first logon performance and user experience is certainly important'. Any tips of what has worked well for you?
- Paul_Woodward
Iron Contributor
In my experience, unlike GPO, there is no equivalent processing delay with Intune config policy. We have loads of small policies in Intune, and it is no problem at all. And Intune has built-in reporting on start up time, time to desktop etc. So don't worry about it, it really is all good.
- Lloyd-Matthews
Copper Contributor
We have found the opposite... Intune policies and settings are pushing out slowly and intermittently. We can't reliably say when a policy will apply from Intune... even if we force the 'sync' on the device.
- Jim Hamby
Copper Contributor
"Just moving the app workload to Intune" is a very simplistic view. Some orgs have thousands of apps. Some with very large, with complex installations and targeting rules. Some to the point that they leverage Task Sequences for performing the installation.
- SteveThomas
Microsoft
Fair point. This is why simply moving the workload to Intune only grants the enablement of being able to distribute apps from Intune without disrupting the CM deliveries.
- David Stowers
Brass Contributor
Are there any plans to improve the PowerShell aspects of Intune? The biggest issue I've run into is finding correlation between PowerShell for automation and the GUI tools. I have had to use a lot of the Beta MG commands that are barely documented at best. For instance, if you are creating security groups via PowerShell script (to embed them for RBAC and Identity governance) you have to use the AzureADPreview cmdlets in order to add the dynamic query via the PS commands. MG is also the place you have to go if you want to extract much more than basic data until the Data Warehouse and PowerBI options mature more.
- DaneaGalbraith
Iron Contributor
We also kept notes in GPO discussion the date of the change and why or who approved. Also, we would export our GPO before a larger GPO change and then for restoral we would back them up each quarter. What are recommended methods for restoral with CSPs and other configurations?
- Rob de Roos
Iron Contributor
We use this tool: https://github.com/Micke-K/IntuneManagement
It can also be used to document all settings.
- JamesEpp
Iron Contributor
I do the same. Intune is terrible for change management.
- Dave Randall
Microsoft
Take a look at aka.ms/m365dsc as well. There are some scenarios supported for snapshots.